What is mobile forensics?
Mobile is the sub-category of digital forensics and is concerned with retrieving data from an electronic source. The main focus of mobile forensics is the recovery process of evidence from mobile devices such as smartphones and tablets.
Mobile devices are used and relied on by individuals in the digital age. With individuals using their mobile phones for data sending, receiving and searching, it is reasonable to assume that these devices hold a fundamental quantum of evidence that investigators may utilize in their investigating process.
Mobile devices are the store hub for a range of information, including phone records, text messages, online search history, and location data.
Three forms of data acquisition methods of mobile forensics:
In mobile forensics, there are three categories of collecting data:
1. Manual method: Manual extraction of mobile digital forensics is a manual extraction of mobile devices and is perhaps the easiest method to retrieve data. However, this method is not always reliable, can take a lot of time to complete, and can potentially compromise the originality of the data or the device. Here, the investigator scrolls through the text messages, web browser history, photo albums, and social media apps and see where this is going. Evidence is documented by taking pictures of each screen of information of interest. It is thus a time-consuming process with the potential for human error.
2. Logical acquisition of data: A logical acquisition is extracting the user's data from a mobile phone using forensic tools without touching the device's file system.
3. Physical acquisition of data: Physical acquisition implies a bit-by-bit copy of the entire physical store – memory or chip. It is a kind of data collection that includes system files, application data and other information that is not accessible to the user via the GUI of the device. It can be considered the complete representation of data stored in mobile flash devices or other storage devices. This method implies direct communication with the device's internal storage to collect the stored data.
General process in mobile forensics
1. Identification: The first step of mobile forensics is identifying the device that was involved in the criminal act.
2. Preservation: After the identification of the device, it is isolated. With cutting-edge technology, it is easier to contaminate the data in mobile devices, so the investigators cut off any connection it has to the outside world.
3. Data acquisition: It is the most critical process in mobile forensics. If the digital evidence is not collected correctly, it can be rendered useless in court. Also, data acquisition can provide investigators with critical information that can be used as evidence while the data is acquired from the Sim card, memory locations etc.
4. Analysis: The data can be examined to get insights into criminal activities.
5. Documentation: The investigator prepares the documentation from the inputs gathered from the evidence collected from the mobile devices.
Presentation: The information prepared from mobile forensics is prepared to be accepted by the judiciary as a piece of evidence.
